Refactor CompactProof to use two type parameters R, L

BREAKING CHANGE: CompactProof now takes two type parameters instead of one.

## Motivation

When implementing serde support for types that contain CompactProof<S>,
the typenum types (like U16, U32) used for challenge lengths don't
implement Serialize/Deserialize. This makes it impossible to derive
serde for types containing CompactProof without complex workarounds.

## Changes

- Changed CompactProof<S: Sigma> to CompactProof<R, L> where:
  - R is the response type
  - L is the challenge length (ArrayLength<u8>)
- Added serde bounds to only serialize/deserialize R, not L
- Updated FiatShamir::prove to return CompactProof<S::Response, S::ChallengeLength>
- Updated FiatShamir::verify to accept &CompactProof<S::Response, S::ChallengeLength>
- Updated all usages throughout sigma_fun and ecdsa_fun
- Maintained bincode support with generic implementation for any challenge length

## Impact

This is a breaking change for any code that directly uses CompactProof.
Most users interact through FiatShamir which maintains the same API.

Author: LLFourn

ecdsa_fun/src/adaptor/encrypted_signature.rs

@@ -1,6 +1,6 @@
 use super::DLEQ;
 use crate::fun::{Point, Scalar, marker::*};
-use sigma_fun::CompactProof;
+use sigma_fun::{CompactProof, Sigma};
 
 /// `PointNonce` is a [`NonZero`] Point that also has an x-coordinate that is NonZero
 /// when reduced modulo the curve order.
@@ -40,7 +40,7 @@ pub(crate) struct EncryptedSignatureInternal {
     pub R: PointNonce,
     pub R_hat: Point,
     pub s_hat: Scalar<Public>,
-    pub proof: CompactProof<DLEQ>,
+    pub proof: CompactProof<<DLEQ as Sigma>::Response, <DLEQ as Sigma>::ChallengeLength>,
 }
 
 /// An "encrypted" ECDSA signature A.K.A. adaptor signature.

sigma_fun/src/eq.rs

@@ -192,10 +192,13 @@ mod test {
             let proof_system = FiatShamir::<DLEQ, HashTranscript<Sha256, ChaCha20Rng>>::default();
             let proof = proof_system.prove(&x, &statement, Some(&mut rand::thread_rng()));
             let encoded = bincode::encode_to_vec(&proof, bincode::config::standard()).unwrap();
-            let (decoded, _) = bincode::decode_from_slice::<crate::CompactProof<DLEQ>, _>(
-                &encoded[..],
-                bincode::config::standard(),
-            )
+            let (decoded, _) = bincode::decode_from_slice::<
+                crate::CompactProof<
+                    <DLEQ as crate::Sigma>::Response,
+                    <DLEQ as crate::Sigma>::ChallengeLength,
+                >,
+                _,
+            >(&encoded[..], bincode::config::standard())
             .unwrap();
             assert_eq!(decoded, proof);
         }
@@ -213,10 +216,13 @@ mod test {
             let proof_system = FiatShamir::<DLEQ, HashTranscript<Sha256, ChaCha20Rng>>::default();
             let proof = proof_system.prove(&x, &statement, Some(&mut rand::thread_rng()));
             let encoded = bincode::encode_to_vec(&proof, bincode::config::standard()).unwrap();
-            let (decoded, _) = bincode::decode_from_slice::<crate::CompactProof<DLEQ>, _>(
-                &encoded[..],
-                bincode::config::standard(),
-            )
+            let (decoded, _) = bincode::decode_from_slice::<
+                crate::CompactProof<
+                    <DLEQ as crate::Sigma>::Response,
+                    <DLEQ as crate::Sigma>::ChallengeLength,
+                >,
+                _,
+            >(&encoded[..], bincode::config::standard())
             .unwrap();
             assert_eq!(decoded, proof);
         }

sigma_fun/src/ext/dl_secp256k1_ed25519_eq.rs

@@ -70,7 +70,10 @@ pub struct CrossCurveDLEQProof {
     pub commitments: Vec<(PointP, PointQ)>,
     /// The core proof which shows the pairs of commitments commit to the same bit and the resulting
     /// sum is the claimed points.
-    pub proof: crate::CompactProof<CoreProof>,
+    pub proof: crate::CompactProof<
+        <CoreProof as crate::Sigma>::Response,
+        <CoreProof as crate::Sigma>::ChallengeLength,
+    >,
 }
 
 /// The proof system which prepares the high level statement to be proved/verified with

sigma_fun/src/fiat_shamir.rs

@@ -1,4 +1,7 @@
-use crate::{ProverTranscript, Sigma, Transcript, generic_array::GenericArray};
+use crate::{
+    ProverTranscript, Sigma, Transcript,
+    generic_array::{ArrayLength, GenericArray},
+};
 use rand_core::{CryptoRng, RngCore};
 
 /// Applies the Fiat-Shamir transform to a given [`Sigma`] protocol given a [`Transcript`].
@@ -45,7 +48,7 @@ impl<S: Sigma, T: Transcript<S>> FiatShamir<S, T> {
         witness: &S::Witness,
         statement: &S::Statement,
         rng: Option<&mut Rng>,
-    ) -> CompactProof<S>
+    ) -> CompactProof<S::Response, S::ChallengeLength>
     where
         T: ProverTranscript<S>,
     {
@@ -58,15 +61,19 @@ impl<S: Sigma, T: Transcript<S>> FiatShamir<S, T> {
         let response =
             self.sigma
                 .respond(witness, statement, announce_secret, &announce, &challenge);
-        CompactProof::<S> {
+        CompactProof {
             challenge,
             response,
         }
     }
 
     /// Verifies the proof given the statement.
     #[must_use]
-    pub fn verify(&self, statement: &S::Statement, proof: &CompactProof<S>) -> bool {
+    pub fn verify(
+        &self,
+        statement: &S::Statement,
+        proof: &CompactProof<S::Response, S::ChallengeLength>,
+    ) -> bool {
         let mut transcript = self.transcript.clone();
         transcript.add_statement(&self.sigma, statement);
         let implied_announcement =
@@ -89,21 +96,29 @@ impl<S: Sigma, T: Transcript<S>> FiatShamir<S, T> {
 /// the underlying group's Sigma protocol but this isn't implemented yet.
 ///
 /// [`FiatShamir`]: crate::FiatShamir
-#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
+#[cfg_attr(
+    feature = "serde",
+    derive(serde::Serialize, serde::Deserialize),
+    serde(bound(
+        serialize = "R: serde::Serialize",
+        deserialize = "R: serde::Deserialize<'de>"
+    ))
+)]
 #[derive(Debug, Clone, PartialEq)]
-pub struct CompactProof<S: Sigma> {
+pub struct CompactProof<R, L: ArrayLength<u8>> {
     /// C
-    pub challenge: GenericArray<u8, S::ChallengeLength>,
+    pub challenge: GenericArray<u8, L>,
     /// R
-    pub response: S::Response,
+    pub response: R,
 }
 
 /// Implements bincode encoding for `CompactProof` for any challenge length.
 #[cfg(feature = "bincode")]
 #[cfg_attr(docsrs, doc(cfg(feature = "bincode")))]
-impl<S: Sigma> bincode::Encode for CompactProof<S>
+impl<R, L> bincode::Encode for CompactProof<R, L>
 where
-    S::Response: bincode::Encode,
+    R: bincode::Encode,
+    L: ArrayLength<u8>,
 {
     fn encode<E: bincode::enc::Encoder>(
         &self,
@@ -118,19 +133,19 @@ where
 
 #[cfg(feature = "bincode")]
 #[cfg_attr(docsrs, doc(cfg(feature = "bincode")))]
-impl<S, Context> bincode::Decode<Context> for CompactProof<S>
+impl<R, L, Context> bincode::Decode<Context> for CompactProof<R, L>
 where
-    S: Sigma,
-    S::Response: bincode::Decode<Context>,
+    R: bincode::Decode<Context>,
+    L: ArrayLength<u8>,
 {
     fn decode<D: bincode::de::Decoder<Context = Context>>(
         decoder: &mut D,
     ) -> Result<Self, bincode::error::DecodeError> {
         // Create a default GenericArray and read directly into it
-        let mut challenge = GenericArray::<u8, S::ChallengeLength>::default();
+        let mut challenge = GenericArray::<u8, L>::default();
         <D::R as bincode::de::read::Reader>::read(decoder.reader(), challenge.as_mut_slice())?;
 
-        let response = S::Response::decode(decoder)?;
+        let response = R::decode(decoder)?;
 
         Ok(CompactProof {
             challenge,
@@ -141,10 +156,10 @@ where
 
 #[cfg(feature = "bincode")]
 #[cfg_attr(docsrs, doc(cfg(feature = "bincode")))]
-impl<'de, S: Sigma, Context> bincode::BorrowDecode<'de, Context> for CompactProof<S>
+impl<'de, R, L, Context> bincode::BorrowDecode<'de, Context> for CompactProof<R, L>
 where
-    S: Sigma,
-    S::Response: bincode::Decode<Context>,
+    R: bincode::Decode<Context>,
+    L: ArrayLength<u8>,
 {
     fn borrow_decode<D: bincode::de::BorrowDecoder<'de, Context = Context>>(
         decoder: &mut D,